製品・ソフトウェアに関する情報

JVN脆弱性詳細

複数の IntelliCom 製品の cgi-bin/read.cgi におけるディレクトリトラバーサルの脆弱性

Title	複数の IntelliCom 製品の cgi-bin/read.cgi におけるディレクトリトラバーサルの脆弱性
Summary	IntelliCom NetBiter NB100 and NB200 プラットフォーム上で稼働する、複数の IntelliCom 製品の cgi-bin/read.cgi には、ディレクトリトラバーサルの脆弱性が存在します。本脆弱性は、CVE-2009-4463 とは異なる脆弱性です。
Possible impacts	リモート認証された管理者により、ページパラメータ内の .. (dot dot) を介して、任意のファイルを読まれる可能性があります。
Solution	ベンダ情報及び参考情報を参照して適切な対策を実施してください。
Publication Date	Feb. 15, 2011, midnight
Registration Date	June 6, 2011, 2:34 p.m.
Last Update	June 6, 2011, 2:34 p.m.

Affected System

IntelliCom Innovation AB

Netbiter Easy Connect EC150

Netbiter Modbus RTU - TCP Gateway MB100

Netbiter Serial Ethernet Server SS100

Netbiter webSCADA WS100

Netbiter webSCADA WS200

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2010-4730	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4730
National Vulnerability Database (NVD)
2	CVE-2010-4730	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4730

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-22	https://jvndb.jvn.jp/ja/cwe/CWE-22.html

ベンダー情報

No	Name	URL
IntelliCom
1	Top Page	http://support.intellicom.se

その他

No	Name	URL
ICS-CERT ADVISORY
1	ICSA-10-316-01A	http://www.us-cert.gov/control_systems/pdf/ICSA-10-316-01A.pdf
JVN
2	JVNVU#114560	http://jvn.jp/cert/JVNVU114560
US-CERT Vulnerability Note
3	VU#114560	http://www.kb.cert.org/vuls/id/114560

Change Log

No	Changed Details	Date of change
0	[2011年06月06日] 掲載	Feb. 17, 2018, 10:37 a.m.

NVD Vulnerability Information

CVE-2010-4730

Summary	Directory traversal vulnerability in cgi-bin/read.cgi in WebSCADA WS100 and WS200, Easy Connect EC150, Modbus RTU - TCP Gateway MB100, and Serial Ethernet Server SS100 on the IntelliCom NetBiter NB100 and NB200 platforms allows remote authenticated administrators to read arbitrary files via a .. (dot dot) in the page parameter, a different vulnerability than CVE-2009-4463.
Publication Date	Feb. 15, 2011, 10 a.m.
Registration Date	Jan. 29, 2021, 11:09 a.m.
Last Update	Nov. 21, 2024, 10:21 a.m.

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:h:intellicom:netbiter_easyconnect_ec150::::::::
cpe:2.3:h:intellicom:netbiter_modbus_rtu-tcp_gateway_mb100::::::::
cpe:2.3:h:intellicom:netbiter_serial_ethernet_server_ss100::::::::
cpe:2.3:h:intellicom:netbiter_webscada_ws100::::::::
cpe:2.3:h:intellicom:netbiter_webscada_ws200::::::::
cpe:2.3:h:intellicom:netbiter_nb100::::::::
cpe:2.3:h:intellicom:netbiter_nb200::::::::

Related information, measures and tools

No	URL	タグ
1	http://archives.neohapsis.com/archives/bugtraq/2010-10/0002.html	Exploit
2	http://www.kb.cert.org/vuls/id/114560	US Government Resource
3	http://www.us-cert.gov/control_systems/pdf/ICSA-10-316-01A.pdf	US Government Resource
4	http://archives.neohapsis.com/archives/bugtraq/2010-10/0002.html	Exploit
5	http://www.us-cert.gov/control_systems/pdf/ICSA-10-316-01A.pdf	US Government Resource
6	http://www.kb.cert.org/vuls/id/114560	US Government Resource

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-22	パス・トラバーサル	https://cwe.mitre.org/data/definitions/22.html

Configuration1	or higher	or less	more than	less than
cpe:2.3:h:intellicom:netbiter_easyconnect_ec150::::::::
cpe:2.3:h:intellicom:netbiter_modbus_rtu-tcp_gateway_mb100::::::::
cpe:2.3:h:intellicom:netbiter_serial_ethernet_server_ss100::::::::
cpe:2.3:h:intellicom:netbiter_webscada_ws100::::::::
cpe:2.3:h:intellicom:netbiter_webscada_ws200::::::::
cpe:2.3:h:intellicom:netbiter_nb100::::::::
cpe:2.3:h:intellicom:netbiter_nb200::::::::